LiveProjects version 1.0 suffers from a remote SQL injection vulnerability.
0e2e40910a9b562c020cda663d763fc767cf5640ab56528f88ad87f283c5ff3bMS05-039 Scan version 1.0 Hostname / IP field local buffer overflow proof of concept exploit.
7ed261a9cd6c2588b6fbb6c0c4303ce017ca1d2d74f3e3e6fdfd7291d9fd4491The WordPress Share-On-Diaspora plugin suffers from a cross site scripting vulnerability.
8e341bd07e40327393d27cd430547711351c76ae245dc3d8b5f766e668cfa4fdAndrey Konovalov discovered a race condition in the UDP Fragmentation Offload (UFO) code in the Linux kernel. A local attacker could use this to cause a denial of service or execute arbitrary code. Andrey Konovalov discovered a race condition in AF_PACKET socket option handling code in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service or possibly execute arbitrary code.
f1d27ee9e08fb4d7aba3b36609845fbfa5e959afbcd42c78b5b81f4e0bfae6dbUbuntu Security Notice 3391-3 - USN-3391-1 fixed vulnerabilities in Firefox. The update introduced a performance regression with WebExtensions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to conduct cross-site scripting attacks, bypass sandbox restrictions, obtain sensitive information, spoof the origin of modal alerts, bypass same origin restrictions, read uninitialized memory, cause a denial of service via program crash or hang, or execute arbitrary code. Various other issues were also addressed.
f2d39de0ff7de658291fa799d09f1741f589d894f69f2e6a973110f4163f6cceRed Hat Security Advisory 2017-2491-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Security Fix: A shell command injection flaw related to the handling of "ssh" URLs has been discovered in Git. An attacker could use this flaw to execute shell commands with the privileges of the user running the Git client, for example, when performing a "clone" action on a malicious repository or a legitimate repository containing a malicious commit.
352725d74fb95f72e0eb2f1edd747d546b633fd9a8905c9eff78c83dc5aa4586Ubuntu Security Notice 3393-2 - USN-3393-1 fixed several vulnerabilities in ClamAV. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that ClamAV incorrectly handled parsing certain e- mail messages. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. Various other issues were also addressed.
8fd58062c30085905cc01c1098152f994df7c716aecd3d0a398017949e523fc2Ubuntu Security Notice 3395-1 - It was discovered that c-ares incorrectly handled certain NAPTR responses. A remote attacker could possibly use this issue to cause applications using c-ares to crash, resulting in a denial of service.
ef3b4e4d000c68353a1287396b39c0b6fce0cf39e987d944fc197261b6bdd594Ubuntu Security Notice 3394-1 - It was discovered that libmspack incorrectly handled certain malformed CHM files. A remote attacker could use this issue to cause libmspack to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that libmspack incorrectly handled certain malformed CAB files. A remote attacker could use this issue to cause libmspack to crash, resulting in a denial of service. Various other issues were also addressed.
a0b46445e4ab459c8be9a3fd485694f68d4bf328d55a6fb5e5126ac7307c6fb0Ubuntu Security Notice 3393-1 - It was discovered that ClamAV incorrectly handled parsing certain e-mail messages. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. It was discovered that ClamAV incorrectly handled certain malformed CHM files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. In the default installation, attackers would be isolated by the ClamAV AppArmor profile. Various other issues were also addressed.
5a8a590d5c4661efe2ab9a585a3bdb49af512e3663523c10454e99d28c3b6218tenshi is a log monitoring program, designed to watch one or more log files for lines matching user defined regular expressions and report on the matches. The regular expressions are assigned to queues which have an alert interval and a list of mail recipients. Queues can be set to send a notification as soon as there is a log line assigned to it, or to send periodic reports.
6453d84b6d4fdbb3f4235d394ae6c5f3b6e0b33a4949b82b62b89d493300c977Red Hat Security Advisory 2017-2489-01 - Mercurial is a fast, lightweight source control management system designed for efficient handling of very large distributed projects. Security Fix: A vulnerability was found in the way Mercurial handles path auditing and caches the results. An attacker could abuse a repository with a series of commits mixing symlinks and regular files/directories to trick Mercurial into writing outside of a given repository. A shell command injection flaw related to the handling of "ssh" URLs has been discovered in Mercurial. This can be exploited to execute shell commands with the privileges of the user running the Mercurial client, for example, when performing a "checkout" or "update" action on a sub-repository within a malicious repository or a legitimate repository containing a malicious commit.
8738f069f2944ea66cc39edcf21cdadd76160904bb6eb1bd0d4f6efa07edf23cDebian Linux Security Advisory 3928-2 - The update shipped in DSA 3928-1 failed to build on the mips, mipsel and powerpc architectures for the oldstable distribution (jessie). This has been fixed in 52.3.0esr-1~deb8u2.
2241c1321d3dca5bef6d1a75d61450076db81b99b39053b9b26c2f047d3d14b8Gentoo Linux Security Advisory 201708-2 - Multiple vulnerabilities have been found in TNEF, the worst of which allows remote attackers to cause a Denial of Service condition. Versions less than 1.4.15 are affected.
9dded95bc98228c06aa4ac38c727a84c5de680789e9d4cfca157145791423a02Gentoo Linux Security Advisory 201708-1 - Multiple vulnerabilities have been found in BIND, the worst of which allows remote attackers to cause a Denial of Service condition. Versions less than 9.11.1_p1 are affected.
26ecec5b9c39723c91713f534c2bfcfc46f59790162df2b1e8c128e88b83f604Red Hat Security Advisory 2017-2486-01 - Groovy is an agile and dynamic language for the Java Virtual Machine, built upon Java with features inspired by languages like Python, Ruby, and Smalltalk. It seamlessly integrates with all existing Java objects and libraries and compiles straight to Java bytecode so you can use it anywhere you can use Java. Security Fix: It was found that a flaw in Apache groovy library allows remote code execution wherever deserialization occurs in the application. It is possible for an attacker to craft a special serialized object that will execute code directly when deserialized. All applications which rely on serialization and do not isolate the code which deserializes objects are subject to this vulnerability.
a1fd88ee9b98684c5d3a03d061cbff1448a3466d1e203a555c8ccdfda02aa6c0The included proof of concept file causes the traits of an ActionScript object to be accessed out of bounds in Adobe Flash. This can probably lead to exploitable type confusion.
3405d594903c387601f7c35a33eb5e51b9377962f2e626207f38421835a61d78Yet another finding that the fix for an incorrect jit optimization with TypedArray setter in Microsoft Edge Chakra may not be sufficient.
dd744360fbce38a89344c69c4be3fb6e4f8093fc7dd49123ac3567a30791d8b7Microsoft Edge Chakra suffers from an integer overflow vulnerability in EmitNew.
217713876803ee8fb301be8b412d4b727c8939e79817fecbccb1e394b028e57bMicrosoft Edge Chakra suffers from an uninitialized arguments vulnerability in Parser::ParseFncFormals with the "PNodeFlags::fpnArguments_overriddenInParam" flag.
ca6f74d7bb73cacfbaad6ce8151f2d0f5e6e4bc61b8d7c2982869c76df38af88Microsoft Edge Chakra suffers from an uninitialized arguments vulnerability.
bc72550bd11b91862b70eeef07245ad2a51ef2e44e79e6ed2a13456c8113eb6cMicrosoft Edge Charka does not handle CallInfo properly in JavascriptFunction::EntryCall.
e95109ebc399b86e728a3585ff62325148e6c790cdf3d57b95b295811bcb7ed7Microsoft Edge Chakra suffers from a type confusion vulnerability in JavascriptArray::ConcatArgs.
218f35cd65e75f8deb9766cd3f68774825fdd90974052767fde0b2b79b18b617This is a follow-up finding that the fix for an incorrect jit optimization with TypedArray setter in Microsoft Edge Chakra may not be sufficient.
f1455b5d16426b1fed7f2d0951c0b89d7dd75973cbee4a79240dd19472ffc899Microsoft Edge Chakra has an issue where EmitAssignment uses the "this" register without initializing.
31e0d764931a2b83c8b59dc12ca6bb5a7d420ed10202786ef5bb60c564333388
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed